4.7.2 LDAP Verify Access Rights

Dialer verifies that the user has appropriate rights to create a conference by performing the following steps:

  • Create a temporary conference with the same security descriptor.

  • Modify the entryTTL for the temporary conference.

  • Delete the temporary conference.

The conference object is created only if all of the above operations succeed. The temporary conference is created using an LDAP request for the following object:

  • uid=19168,ou=dynamic,o=Intranet where the uid is a randomly generated number.

The temporary conference is created with the following attributes:

 ObjectClass=( RTConference )( DynamicObject )
 ntSecurityDescriptor=( )

The ntSecurityDescriptor is initialized with the following rights:

  • The SID for Everyone (S-1-1-0) has read permissions on the object.

  • The SID for the user has all permissions on the object.

On successful creation, the temporary conference is modified as follows:

  • ModifyRequest: Object: uid=19168,ou=dynamic,o=Intranet

The following attribute of the conference (rtConference) is then modified:

  • entryTTL: the time-to-live is updated (e.g. 300).

On successful update of the entryTTL, the temporary conference is deleted using the following LDAP request:

  • DelRequest: uid=19168,ou=dynamic,o=Intranet
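The probe sequence above, as an added example that is not part of the original specification or Dialer's own code. FakeDirectory, verify_access_rights, the uid range and the (SID, rights) modelling of ntSecurityDescriptor are assumptions made for illustration; the in-memory directory is constructed so the example runs offline.

```python
import secrets

BASE_DN = "ou=dynamic,o=Intranet"   # container used in the section above
EVERYONE_SID = "S-1-1-0"

class FakeDirectory:
    """Constructed in-memory stand-in for the LDAP server (hypothetical)."""
    def __init__(self, denied=()):
        self.denied = set(denied)   # operations the server will refuse
        self.entries = {}
        self.log = []               # (operation, dn) in the order issued

    def _op(self, name, dn):
        self.log.append((name, dn))
        if name in self.denied:
            raise PermissionError(f"{name} refused for {dn}")

    def add(self, dn, attrs):
        self._op("add", dn)
        self.entries[dn] = dict(attrs)

    def modify(self, dn, changes):
        self._op("modify", dn)
        self.entries[dn].update(changes)

    def delete(self, dn):
        self._op("delete", dn)
        del self.entries[dn]

def verify_access_rights(directory, user_sid, ttl=300):
    """Return True only if create, entryTTL modify and delete all succeed."""
    dn = f"uid={secrets.randbelow(65536)},{BASE_DN}"  # uid range is an assumption
    attrs = {
        "objectClass": ["RTConference", "DynamicObject"],
        # ACL modelled as (SID, rights) pairs, not a binary security descriptor
        "ntSecurityDescriptor": [(EVERYONE_SID, "read"), (user_sid, "all")],
    }
    try:
        directory.add(dn, attrs)
    except PermissionError:
        return False                # nothing was created, nothing to clean up
    try:
        directory.modify(dn, {"entryTTL": ttl})
        directory.delete(dn)
        return True
    except PermissionError:
        # The probe entry may linger; as a dynamic object it expires with its TTL.
        return False
```

A caller would create the real conference object only when verify_access_rights returns True.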